vendor: Businesscard Script
by: D4rk357
CVSS: 7.5 HIGH
Authentication bypass
CWE: 287
Product Name: Businesscard Script
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

2daybiz Businesscard Script Authentication bypass

The 2daybiz Businesscard Script suffers from an authentication bypass vulnerability. By using the string "a or 1=1" in the username and password fields, an attacker can bypass the login process.

Mitigation:

The vendor should implement proper input validation and authentication mechanisms to prevent this vulnerability. Users should also be advised to choose strong and unique passwords.

Exploit-DB raw data:

# Exploit Title: 2daybiz Businesscard Script Authentication bypass
# Date: 14th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.2daybiz.com/products/businesscard/index.php

Greetz to :b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members

##############################################################################

2daybiz Businesscard login form suffers from authentication bypass.
String used for authentication bypass is "a or 1=1" in username and password fields
and it yields login.

#################################################################################